Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted chromium 149.0.7827.114-1 (source) into unstable
Date: Sat, 13 Jun 2026 01:34:41 +0000
Signed by: Andres Salomon <dilinger@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 12 Jun 2026 17:27:35 -0400
Source: chromium
Architecture: source
Version: 149.0.7827.114-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (149.0.7827.114-1) unstable; urgency=high
 .
   [ Andres Salomon ]
   * New upstream security release.
     - CVE-2026-12007: Use after free  Core. Reported by Google.
     - CVE-2026-12008: Use after free  DigitalCredentials. Reported by Google.
     - CVE-2026-12009: Insufficient validation of untrusted input
       Accessibility. Reported by Google.
     - CVE-2026-12010: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12011: Use after free  WebMIDI. Reported by Google.
     - CVE-2026-12012: Use after free  Network. Reported by Google.
     - CVE-2026-12013: Use after free  Media.
       Reported by Henock Habte, Independent Security Researcher.
     - CVE-2026-12014: Use after free  Cast. Reported by Google.
     - CVE-2026-12015: Use after free  Autofill. Reported by Google.
     - CVE-2026-12016: Insufficient validation of untrusted input  DevTools.
       Reported by Google.
     - CVE-2026-12017: Insufficient validation of untrusted input
       Extensions. Reported by Google.
     - CVE-2026-12018: Inappropriate implementation  Mojo. Reported by Google.
     - CVE-2026-12019: Out of bounds write  Codecs. Reported by Google.
     - CVE-2026-12020: Use after free  Autofill. Reported by Google.
     - CVE-2026-12022: Race  Safe Browsing. Reported by Google.
     - CVE-2026-12023: Use after free  GPU. Reported by Google.
     - CVE-2026-12024: Insufficient policy enforcement  DevTools.
       Reported by Google.
     - CVE-2026-12025: Insufficient validation of untrusted input  Network.
       Reported by Google.
     - CVE-2026-12026: Out of bounds read  Video. Reported by Google.
     - CVE-2026-12027: Insufficient policy enforcement  Headless.
       Reported by Google.
     - CVE-2026-12028: Use after free  GPU. Reported by Google.
     - CVE-2026-12029: Use after free  Video. Reported by Google.
     - CVE-2026-12030: Heap buffer overflow  GPU. Reported by Google.
     - CVE-2026-12031: Inappropriate implementation  Views. Reported by Google
     - CVE-2026-12032: Inappropriate implementation  Passwords.
       Reported by Google.
     - CVE-2026-12033: Out of bounds read  VideoCapture. Reported by Google.
     - CVE-2026-12034: Insufficient validation of untrusted input  Linux
       Toolkit Theming. Reported by Google.
     - CVE-2026-12035: Use after free  Views. Reported by Google.
 .
   [ Jianfeng Liu ]
   * d/patches/loongarch64/0024-fix-libyuv-lsx.patch: drop due to upstream
     reverting to version of libyuv that doesn't have lsx issue.
Checksums-Sha1:
 a5fa5e34c6a56ddf6ca682b2c0451426bada6e5f 4079 chromium_149.0.7827.114-1.dsc
 e9709ecc1862160ce4b049323a4bc83b7a789b75 929165944 chromium_149.0.7827.114.orig.tar.xz
 4abf25839d1674e6cfc2adda7d6b321fe6ec7210 496424 chromium_149.0.7827.114-1.debian.tar.xz
 f314a1dffbb9fe6237d236a6e0eb476f5664abb0 27919 chromium_149.0.7827.114-1_source.buildinfo
Checksums-Sha256:
 d4583c062319ade9ea15a4d36f711b498963092dc282f3b6d7699d0261f36bb5 4079 chromium_149.0.7827.114-1.dsc
 d6377291548ae6c80559c1ec3f8d7a72e15d10b6f0ccc9c6822b6248bdd3e8cf 929165944 chromium_149.0.7827.114.orig.tar.xz
 f2df0d83fe31405c2b74668c644e0deeb311fb7edeea07e2d0e6befc570f4353 496424 chromium_149.0.7827.114-1.debian.tar.xz
 ada5211505c64892aa9248678abd2dca26686724765839776580423a1fba4fab 27919 chromium_149.0.7827.114-1_source.buildinfo
Files:
 cfc6844655cabff317009b5eca7e2c8a 4079 web optional chromium_149.0.7827.114-1.dsc
 9dec348fabc08e3fe29937c7382ac106 929165944 web optional chromium_149.0.7827.114.orig.tar.xz
 0cd4348c6b1f69becae26b7b35f445e6 496424 web optional chromium_149.0.7827.114-1.debian.tar.xz
 a4b0bca101484f06c49345781aa86898 27919 web optional chromium_149.0.7827.114-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmossIcUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjfSXg/6AhO35RibwysvqODRpU4W+wJep8j+
/vSzZtpjQ8E6Nd5uN/xW+aJyP/AoFKuYHTD/MUx07hhJl9+al5Ui+lC1k2gdwsge
A9mTQETtjCIRSdPZF7iv6rgaK+8xSu/A2QTkn9KuP4U4dQXY+9n3zgggw3QbwKyG
6swRoV4c35B2tvMyNpjU382EH22/YS/pZCtpdKJZ0mfs9aWJlW7h+KdEvYFWgloM
H68c1Izr5GqunQP9ismdvTxvpc0KON4fPryTpiJi/xvVXvpLcSetSWjTxsI0W+aa
I8YceChgl7rSNkqMHDEYmxATUNgLbc7MLSvj0fQgb3TFsknSkaqp59HXn1GtPtKP
aYQrSuClMJgXw1Z7xW7/eTA2fvtUzn4bWASGJXMFZcHFNXxZBZlHFjbCPdl9OF3T
ssGA8fLZ/pjUchl0ht8sll7M7byzNxgr/ZJXepS+kP1jHJON2ZVfQN3f2uA/4/Dh
Lda4Sx9I4D4hZHVMEFfG6JI8FObVOA4piDV8YT5xnEUKwVKKHqqIznzHA+J7C7Gi
qy2cf+X+JJN6Adodq5W71ObLMQjrEazMsHcWCxT+XdSeH/rPhwMrC8WdfJHETK6S
ge59ZBMBBmCwgS61I8T2AvuPoiuJN8kH+DWkh7o52E8LKZ1K4/TtnreMSnAIkG2H
QkeFF7iilGM0vN4=
=LOnu
-----END PGP SIGNATURE-----
News for package chromium
